Ways to Keep Your Zoom Meeting Secure

As you plan events this spring, keep the following tips in mind, courtesy of OIT's Zoom expert Debrah Suggs, on how to prevent your meeting from being Zoom bombed. OIT will host a workshop on Wednesday, 3/16 at noon, “Zoom Security How-to: When Bad Things Happen to Good Meetings,” which will cover this topic more in-depth.

Authenticate into Zoom

Use the Single sign-on (SSO) link to sign into Duke’s Zoom environment every single time you join a meeting. The environment is way more secure and you show up as your preferred display name instead of as “guest.” Sensitive meetings should be limited to only authenticated users.

Set up registration

Registration is still a good way keep your event secure, especially if you require answers to questions like ‘What is your NetID’ or ‘What is your NetID email address?’ Forcing participants to answer questions adds another layer of security making it more difficult for the bad guys.

Be careful about sharing links

When promoting an event externally, use the event website link, or university calendar link instead of the direct registration link, such as a Qualtrics link.

Turn off annotation

Meeting disrupters immediately look for annotation. If you don’t know what annotation is, then turn it off. But if it’s a feature you need, make it so that only the person sharing the content can annotate. When screen sharing during a meeting in progress, select More.

Should something awful happen during a meeting, the meeting host has several options, mostly found by clicking on the Security icon (the same place where you go to allow screen sharing):

  • Remove the offender and immediately lock the meeting so no one else can join
  • Uncheck the Share Screen, Chat, Rename, Unmute, and Start Video buttons to shut down those features
  • Hide all profile pictures
  • And finally, if all else fails, Suspend Participant Activities will stop the meeting cold.

If your meeting topic is highly sensitive and/or you think you are going to be a target, consider making the meeting a webinar by requesting a temporary webinar license. Webinars are secure by their very nature – participants do not know who is in the meeting and chat can be disabled. The licenses are limited but you can request one by filling out a form. See the second bullet here for more information on webinars: https://oit.duke.edu/what-we-do/applications/zoom-meetings.

Learn more about Zoom security here: https://oit.duke.edu/help/articles/kb0032713.